Implementation of security monitoring center (SOC) at EVNHCMC

Nowadays, with the development of information technology (IT), businesses build a series of applications for production activities. IT applications are built on many platforms, using many different types of databases. Once an application is released, it is difficult for providers to guarantee the maximum security of the stored data. Administrative processes and the expansion of operations also introduce errors in applications, affecting system security.

With the development of IT, new types of attack and sabotage have emerged. Recently, as cyber attacks have grown in frequency, severity and sophistication, organizations have paid more attention to cybersecurity solutions and invested more in them. Instead of stand-alone, specialized solutions that can only handle one aspect of an attack, users are convinced by comprehensive, multi-layered solutions that detect and resolve threats, even unprecedented ones. A SOC is a solution that combines three core factors of the information technology industry in general and cybersecurity in particular: People, Technology and Process. The SOC is the final barrier that addresses the remaining shortcomings of the security devices that EVNHCMC has implemented so far.

EVNHCMC SOC model

EVNHCMC's SOC was deployed and completed in November 2021 to meet cybersecurity monitoring demands. The operation of the SOC brings many benefits, such as:

- Proactively defend against attacks on the system. Proactively detect and quickly handle security risks as soon as they arise.

- Monitor 24/7, helping to detect, handle and prevent cybersecurity risks early.

- Minimize the risk of spreading malicious code. In particular, minimize the impact of APT attacks, from outside and inside, that use malicious code or unidentified exploit code.

- Minimize operational omissions and risks arising during operation. Reduce risks by proactively monitoring and managing security vulnerabilities throughout the system, while monitoring compliance with international cybersecurity standards such as ISO 27000, NERC CIP, OWASP, etc.

- Raise the system's level of security from one dependent on technology to an optimal level of operation combining technology, process and experts, protecting information assets, especially assets related to business activities.

- Provide important information for EVNHCMC's cybersecurity experts and others in handling cybersecurity incidents.

- A database of incidents is accumulated, and knowledge and experience feed into the process of handling and monitoring cybersecurity incidents.

- Both the OT network and the IT network are monitored by the same SOC.

- Effectively and optimally use the invested security equipment and technologies. The system is optimized regularly, adapting to changes in the sophistication and complexity of the techniques hackers use to target the IT systems of EVNHCMC and EVN.

Operating the SOC in the first 6 months of 2022 has provided EVNHCMC with statistics, detailed information and a specific assessment of malicious code infections and attacks via web, email, network, etc. Combined with alert information from EVN and specialized cybersecurity units in Vietnam, this helped EVNHCMC detect and promptly prevent attacks and malicious code infections. In the coming time, EVNHCMC will focus on strengthening SOC activities, completing regulations and operating procedures, and providing intensive training for EVNHCMC's cybersecurity experts in SOC operation, analysis and troubleshooting.


  • 21/06/2022 10:02
  • PV